Lucene search
K

592 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.9 views

Malicious code in @coterie-baby/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb0f46407e3ad7d060630b7aec9ce77a68f41c3a9fd3678941d6d43ca78b68a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 1:54 p.m.9 views

MAL-2026-5654 Malicious code in @coterie-baby/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb0f46407e3ad7d060630b7aec9ce77a68f41c3a9fd3678941d6d43ca78b68a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:3 p.m.5 views

CVE-2026-33361

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Meari IoT SDK 加密问题漏洞

Meari IoT SDK is a software development kit provided by Meari Corporation, aimed at developing applications for smart devices. There are encryption-related vulnerabilities in the Meari IoT SDK. These vulnerabilities stem from the use of a predictable key derivation method to perform reversible XO...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/16 10:52 p.m.19 views

charms-sdk (>=0.3.0 <=0.6.3), kzg-rs (>=0.2.3-sp1-4.0.0 <=0.2.5) +77 more potentially affected by unknown CVE via p3-symmetric (>=0.1.0 <=0.4.3)

p3-symmetric CARGO version =0.1.0, =0.3.0, =0.2.3-sp1-4.0.0, =0.20.0, =0.11.0, =5.2.2, =5.2.5, =5.2.2, =0.1.0, =0.4.0, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.3-succinct and more Source cves: unknown CVE Source advisory: OSV:GHSA-3G92-F9CH-QJCM...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/06 7:53 a.m.4 views

CVE-2026-28062

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.4 views

EUVD-2026-9722

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.3 views

CVE-2026-28062

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

5.9AI score0.00403EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 5:54 a.m.28 views

CVE-2026-28062 WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

8.1CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:54 a.m.10 views

CVE-2026-28062

CVE-2026-28062 affects the WordPress theme ThemeREX Happy Baby (happy-baby) up to version 1.2.12. It is an Unauthenticated Local File Inclusion vulnerability caused by improper control of filename for include/require statements in PHP. Consequences described in sources indicate possible exposure ...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.1 views

CVE-2026-28062 WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Happy Baby 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.23 views

PT-2026-23342

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

5.9AI score0.00403EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/27 7:59 a.m.5 views

WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Happy Baby versions = 1.2.12...

8.1CVSS5.9AI score0.00403EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/11 5:42 a.m.14 views

CVE-2025-12932

A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed...

9.8CVSS5.2AI score0.003EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/11 5:42 a.m.6 views

CVE-2025-12933

A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and...

9.8CVSS6.5AI score0.00289EPSS
Exploits1References1
NVD
NVD
added 2025/11/10 6:15 a.m.6 views

CVE-2025-12933

A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

9.8CVSS0.00289EPSS
Exploits1References5
OSV
OSV
added 2025/11/10 6:15 a.m.4 views

CVE-2025-12933

A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

9.8CVSS5.8AI score0.00289EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/10 5:32 a.m.5 views

EUVD-2025-44028

A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

6.5CVSS6.7AI score0.00289EPSS
Exploits1References6
CVE
CVE
added 2025/11/10 5:32 a.m.15 views

CVE-2025-12933

CVE-2025-12933 : A SQL injection vulnerability exists in SourceCodester Baby Care System 1.0 due to manipulation of the roleid parameter in /updatewelcome.php?id=siteoptions&action=welcome. The vulnerability can be exploited remotely and a public exploit is available. The connected documents cons...

9.8CVSS6.5AI score0.00289EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder